2025-07-18 Daily Vulns

NEW:

| CVE | vendor-product | description | metric | Reference url title | GithubURL |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-13972 | Sophos - Sophos Intercept X for Windows | A vulnerability related to registry permissions in the Intercept X for Windows updater prior to version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade. | CVSS3.1: 8.8 - HIGH; 0; Exploitation: none; Automatable: no; Technical Impact: partial | undefined | github |
| CVE-2025-0886 | Lenovo - Elliptic Virtual Lock Sensor Service For ThinkPad P1 Gen 6 (Type 21FV, 21FW); Lenovo - Elliptic Human Presence Detection Driver for ThinkPad P1 Gen 7 (Type 21KV, 21KW); Lenovo - Elliptic Virtual Lock Sensor Service for P14s Gen 4 (Type 21HF, 21HG); Lenovo - Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 4 (Type 21K5, 21K6); Lenovo - Elliptic Human Presence Detection Driver for ThinkPad P14s Gen 5 (Type 21G2, 21G3); Lenovo - Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 5 (Type 21ME, 21MF); Lenovo - Elliptic Human Presence detection Device Driver for ThinkPad P16 Gen 2 (Type 21FA, 21FB); Lenovo - Elliptic Virtual Lock Sensor Service for P16s Gen 2 (Type 21HK, 21HL); Lenovo - Elliptic Human Presence Detection Device Driver for ThinkPad P16s Gen 2 (Type 21K9, 21KA); Lenovo - Elliptic Human Presence Detection Driver for P16s Gen 3 (Type 21KS, 21KT); Lenovo - Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 1 (Type 21FC, 21FD); Lenovo - Elliptic Human Presence Detection Driver for ThinkPad P16v Gen 1 (Type 21FE, 21FF); Lenovo - Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 2 (Type 21KX, 21KY); Lenovo - Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3 (Type 21AH, 21AJ); Lenovo - Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3 (Type 21CF, 21CG); Lenovo - Elliptic Virtual Lock Sensor Service for T14 Gen 4 (Type 21HD, 21HE); Lenovo - Elliptic Human Presence Detection Device Driver for T14 Gen 4 (Type 21K3, 21K4); Lenovo - Elliptic Human Presence Detection Device Driver for T14 Gen 5 (Type 21MC, 21MD); Lenovo - Elliptic Human Presence Detection Device Driver for T14 Gen 5 (Type 21ML, 21MM); Lenovo - Elliptic Virtual Lock Sensor Service for T14s Gen 4 (Type 21F6, 21F7); Lenovo - Elliptic Human Presence Detection Device Driver for ThinkPad T14s Gen 4 (Type 21F8, 21F9); Lenovo - Elliptic Human Presence Detection Device Driver for T14s Gen 5 (Type 21LS, 21LT); Lenovo - Elliptic Human Presence Detection driver for ThinkPad T14s Gen 6 (Type 21M1, 21M2); Lenovo - Elliptic Virtual Lock Sensor Service for T16 Gen 2 (Type 21HH, 21HJ); Lenovo - Elliptic Human Presence Detection Device Driver for T16 Gen 2 (Type 21K7 21K8); Lenovo - Elliptic Human Presence Detection Device Driver for T16 Gen 3 (Type 21MN, 21MQ); Lenovo - Elliptic Virtual Lock Sensor Service for X1 2-in-1 Gen 9 (Type 21KE, 21KF); Lenovo - Elliptic Virtual Lock Sensor Service for ThinkPad X1 Carbon 12th Gen (Type 21KC, 21KD); Lenovo - Elliptic Human Presence Detection Device Driver for X13 2-in-1 Gen 5 (Type 21LW, 21LX); Lenovo - Elliptic Virtual Lock Sensor for ThinkPad X13 Gen 4 (Type 21EX, 21EY); Lenovo - Elliptic Human Presence Detection Driver for ThinkPad X13 Gen 4 (Type 21J3, 21J4); Lenovo - Elliptic Human Presence Detection Device Driver for X13 Gen 5 (Type 21LU, 21LV); Lenovo - Elliptic Virtual Lock Sensor for X13 Yoga Gen 4 (Type 21F2, 21F3) | An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges. | CVSS4.0: 8.5 - HIGH; CVSS3.1: 7.8 - HIGH; 0; Exploitation: none; Automatable: no; Technical Impact: total | undefined | github |
| CVE-2025-20274 | Cisco - Cisco Unified Contact Center Express; Cisco - Cisco Unified Intelligence Center | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbitrary commands on the operating system. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could elevate privileges to root. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Report Designer. | CVSS3.1: 6.3 - MEDIUM; 0; Exploitation: none; Automatable: no; Technical Impact: total | Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability | github |

This post is licensed under CC BY 4.0 by the author.